Show simple item record

dc.contributor.advisorTuğlular, Tuğkanen
dc.contributor.authorYarımtepe, Oğuzen
dc.date.accessioned2014-07-22T13:51:34Z
dc.date.available2014-07-22T13:51:34Z
dc.date.issued2009en
dc.identifier.urihttp://hdl.handle.net/11147/3459
dc.descriptionThesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009en
dc.descriptionIncludes bibliographical references (leaves: 63-66)en
dc.descriptionText in English Abstract: Turkish and Englishen
dc.descriptionix, 80 leavesen
dc.description.abstractDetecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.en
dc.language.isoengen
dc.publisherIzmir Institute of Technologyen
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subject.lccQA76.9.A25 .Y28 2009en
dc.subject.lcshComputer securityen
dc.subject.lcshAnomaly detection (Computer security)en
dc.titleAnomaly detection using network traffic characterizationen
dc.typemasterThesisen
dc.contributor.authorIDTR144185
dc.contributor.departmentIzmir Institute of Technology. Computer Engineeringen
dc.relation.publicationcategoryTezen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record